From 24d77d592a5803fc4f7072194740e76bf84e29bc Mon Sep 17 00:00:00 2001
From: Matthew <matthew@staff.libraryofcode.org>
Date: Fri, 6 Dec 2024 20:12:23 -0500
Subject: [PATCH] disable TLSv1.2 support

---
 Nginx/nginx.conf | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Nginx/nginx.conf b/Nginx/nginx.conf
index 525d11f..965e87b 100644
--- a/Nginx/nginx.conf
+++ b/Nginx/nginx.conf
@@ -36,12 +36,12 @@ http {
         # SSL Settings
         ##
 
-        ssl_protocols TLSv1.2 TLSv1.3;
-        ssl_prefer_server_ciphers on;
+        ssl_protocols TLSv1.3;
+        ssl_prefer_server_ciphers off;
         ssl_stapling on;
         #ssl_stapling_verify on;
         ssl_session_cache shared:SSL:10m;
-        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+        #ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
         ssl_dhparam /etc/nginx/dhparam.pem;
         ssl_ecdh_curve X25519:prime256v1:secp384r1;